The General Data Protection Regulations (GDPR) introduce special protection for children’s personal data which is mostly relevant to services such as social networking.

Ensure that your systems allow you to check the ages of your child patients.

Put in place procedures to obtain GDPR consent from a parent or guardian if you process personal information about your child patients under this lawful basis.


This interim advice is based on resources from the Information Commissioner’s Office (ICO) website. Although every effort has been made to ensure the accuracy of this advice, SDCEP takes no responsibility for inaccuracies or omissions and does not accept responsibility for any loss, damage or expense resulting from the use of this information. Further advice on complying with GDPR can be found on the ICO website and via the EU GDPR learning resource. Your indemnity organisation may also provide information and resources to help you comply and be able to advise you regarding particular issues that may arise from GDPR implementation.